Weak or stolen passwords account for 81% of hacking-related data breaches.
While companies typically understand the problem with weak passwords, often they leave the issue unaddressed or aren’t sure how to handle it.
The dilemma is the same in offices around the world: When you ask employees to create long, unique, difficult passwords to increase security, often they can’t remember them all and have to continually go through password resets, dragging down productivity.
So, all too often the only thing protecting a company from having their network breached and sensitive data stolen is the weakest employee password, which isn’t very strong.
Why is credential theft so popular?
Because a company can have the best managed IT security, including firewalls and anti-phishing software, but if a hacker has guessed or phished a password, they can slide right by other defenses and gain access to your network.
One of the best ways to secure logins and solve the weak password problem is to use multi-factor authentication (MFA). MFA creates another layer of security for your application access that can’t be easily breached even if the hacker has the username and password combination.
How Does Multi-Factor Authentication Work?
Most of us use MFA regularly without being aware of it. When you use your debit card to pay for a purchase or at an ATM, you’re typically required to present two forms of authentication, your bank debit card and your PIN that you enter when it’s swiped.
The same authentication structure is true when MFA is enabled for password security, you’re required to present multiple forms of “proof” that you are the person to whom access has been given.
The factors of authentication that MFA uses are:
- Something you know: Your username/password combination
- Something you have: A mobile device, token generator, etc.
- Something you are: Fingerprint, facial recognition, etc.
Without multi-factor authentication enabled, an application like Office 365 or your bank account login, will just require a single factor, typically your username and password combination, to gain access. So, if that’s stolen or hacked, a thief can easily get into your accounts.
When you enable MFA, another factor is now required to get into an application. The most common is a code that is sent via SMS to your smartphone, which has been previously set up in the system.
The steps go as follows:
- Use your name/password as your first step to login
- Click to have a code sent to complete login
- The code immediately arrives via text (it’s typically only good for 5-10 minutes)
- You enter that code and complete the login and gain access
With the proven track record of MFA and its ability to prevent password-related breaches, there’s really no reason organisations should not be using it for their logins or, at the very least, for their administrative user logins.
Using MFA with Azure and Microsoft 365
Microsoft Azure can simplify the process of using multi-factor authentication because it allows you to safeguard access to applications and data across your organization while presenting a simple interface for your users.
It also gives you the flexibility to choose from several forms of authentication and the ability to add more factors for certain logins. For example, administrators that have more access to network systems or positions such as accounting whose login credentials unlock bank account details.
Authentication methods include:
- Security questions
- Email address
- Authenticator apps
- Hardware token
- Voice call
- App passwords
MFA is available as a part of Microsoft 365 Business and includes the use of conditional access.
Conditional access policies allow you to enforce security protocols for user logins based upon factors like too many missed security questions or sign-ins from unfamiliar locations.
For example, if someone is signing in from an unfamiliar location, you can set up the conditional access policy to require them to go through an additional authentication step, such as another security question or verification with a PIN given via voice call.
Best Practices for Setting Up MFA
Companies that thoughtfully implement MFA have a much better chance at a smooth rollout without employees having login issues or technical glitches going unchecked. Here are some tips for implementing MFA at your organisation.
Create a Framework of How You’ll Deploy MFA
Before you have an admin just turn on multi-factor authentication for your team, you want to have a thorough framework in place that’s well thought out and answers questions such as:
- How will MFA factors change as user privileges go higher?
- Who will handle staff questions and issues with MFA?
- What type of employee training will you conduct?
- Do you have an IT partner in place (like NetCare) that can help you set MFA up properly?
Consider the Employee Experience
Whenever you roll out something new that’s going to change the way your staff works, you want to consider their experience and invite feedback. Such as giving employees a method to report the pros and cons they’ve experienced once MFA is enabled and offer suggestions.
You can also offer a choice of MFA options rather than forcing one, to allow employees to pick the one that works best for them.
Regularly Evaluate Your MFA Program
Our use of technology naturally evolves, and so should your protocols. You want to regularly evaluate the success of MFA, requesting feedback from your team and looking for any potential improvements.
For example, today, using fingerprint recognition as an authentication factor might not be suitable for your company, but three years from now you may have fingerprint scanners at each workstation, and it would make much more sense at that time to streamline the login process.
Let NetCare Help You Properly Implement & Administer MFA
Passwords have been found to be the biggest weak link in a company’s data security defenses, but it’s one that’s easily plugged with multi-factor authentication policies. NetCare can help you plan out your MFA protocol, onboard your staff, and implement and monitor your program.
Take the first step by contacting us to discuss your MFA options at (02) 9114 9920 or through our contact form.